Adobe AIR?

David H. Lipman · 11-23-2008, 04:22 PM

From: "Rube Bumpkin" <Someone@somewhere.world>

| Does Anyone have any info about Adobe AIR? It was tagged as insecure by
| Secunia. I Googled it, and it's some sort of runtime solution that
| allows web applications to run outside the browser.

| I don't know exactly when it was installed on my system (I have 4 kids),
| or why. When I removed it, with Add/Remove, my PC suddenly rebooted. I'm
| running my weekly scans, and may know more soon.

| Since the removal and reboot, Secunia is still finding it, so it look
| likw I'll be doing some scrubbing.

| RB

** Secunia is not "false-flagging" which was suggested.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

US-CERT Current Activity

Adobe Releases Update for AIR

Original release date: November 18, 2008 at 8:03 am Last revised:
November 18, 2008 at 8:03 am

Adobe has released a security bulletin to address a vulnerability in
Adobe AIR. This vulnerability can be triggered if an Adobe AIR
application loads data from an untrusted source. Exploitation of this
vulnerability may allow a remote attacker to execute JavaScript code
with elevated privileges.

US-CERT encourages users to review Adobe Security Bulletin APSB08-23 and
upgrade to Adobe AIR 1.5 to help mitigate the risks.

Relevant Url(s):
< http://get.adobe.com/air/ >

< http://www.adobe.com/support/securit...apsb08-23.html >

====
This entry is available at
http://www.us-cert.gov/current/index...update_for_air

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSSLDKHIHljM+H4irAQJg0QgAkQkwIQH+6jLMglb0Yc TAhrOXuamafclL
+vj7YDTcfxZYtH/LWHoMwblN0JPaRXC2+Ksk6u4JB/xskZHeuFa7IlZx3qt7TUHx
zMS7viMmu8JHNO9wXOL+fKKSo7xTtxDMH3naDvuFwXUOdmoNue eCABqlv8a4F5hX
UUPDs3EPj4N64M6+8JNmrsddwG7gTo04GQOQ0wdZEtwfcOyGmh NB7x/q8O9qCEyx
XXjIOotLTmprIu4M2hk3/WGND3M05nRIYd4UgtVExEITB+tdvSKRBjUVSch9a4eB
tXZVChtVGbZqehZzTB+Mn7rGEvS1Bv9DQpWB+Xro/Hp11xDnlAsMDg==
=P/ZU
-----END PGP SIGNATURE-----

This comes bundled with Adobe Reader 9 if you download the installer from www.adobe.com.
However you can download the unbundled Adode Reader installer from the Adobe FTP server.

I am also afraid it may be bundled in Adobe Acrobat 9.
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air

To what degree... I don't know.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Thread: Adobe AIR?

Thread Tools

Display

Threaded View

Re: Adobe AIR?

Thread Information

Users Browsing this Thread

Posting Permissions